MDVSA-2013:014

Package name

java-1.6.0-openjdk

Date

2013-02-22

Advisory ID

MDVSA-2013:014

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

* S8006446: Restrict MBeanServer access
* S8006777: Improve TLS handling of invalid messages
* S8007688: Blacklist known bad certificate
* S7123519: problems with certification path
* S8007393: Possible race condition after JDK-6664509
* S8007611: logging behavior in applet changed

The updated packages provides icedtea6-1.11.8 which is not vulnerable
to these issues.

Updated packages

MES5 i586

 0b169348da4539ef53a469ea65ec5c56  mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
 201893b40418745b61190a8709e291e3  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
 0f6029a3cda961c2b5a44fb79f316538  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
 048d4fa4a17bfbec63e93ca9c104dbdd  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
 0e0fd0ec9602d4ce7135bb41a6c4c59c  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm 
 2b2f0e776cf37401bfd9d196fb439ed2  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.3mdvmes5.2.src.rpm

2011 i586

 3179023a8cf53f17ca0050c35703cc28  2011/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
 9471c08b29d7a4d6901960c777367574  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
 687b1956e7806fbe47828aeee46188b3  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
 0d81e2b7b5a5e9f9428ab7a719be7abc  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
 d32b01e41349bac4da35718a40bdd6cb  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm 
 49a829a64856f6bc51885d8006f79d75  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.3.src.rpm

MES5 x86_64

 cc43bba28287a484e139a2f5c3265c83  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.3mdvmes5.2.x86_64.rpm
 47d5cb9ab24e66ded57d5a8bacf97a92  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3mdvmes5.2.x86_64.rpm
 dd209687eb5c4be2d6cf96e98494cf97  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3mdvmes5.2.x86_64.rpm
 b0442b7eeaa57cd5e508c616f5ebc35d  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3mdvmes5.2.x86_64.rpm
 de4a1380d9b65b189d1f0b5bcecf0b48  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.3mdvmes5.2.x86_64.rpm 
 2b2f0e776cf37401bfd9d196fb439ed2  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.3mdvmes5.2.src.rpm

2011 x86_64

 5171945563212cc7a6b01c2a17232218  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.3-mdv2011.0.x86_64.rpm
 f4313ec1eff30e27d91efc289b2fd939  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3-mdv2011.0.x86_64.rpm
 feec4d3386d8e11d7c49cff7786cc5d9  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3-mdv2011.0.x86_64.rpm
 452b39d7f18da0e420fc9097c1df99fb  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3-mdv2011.0.x86_64.rpm
 76d722e635364036f3150b5d376b46f2  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.3-mdv2011.0.x86_64.rpm 
 49a829a64856f6bc51885d8006f79d75  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.3.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
• http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
• http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021998.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487